The Cisco CCIE Security ® version 5.0 unifies written and lab exam
NOTE: This CCIE Security unified exam topics version 5.0 includes the Evolving Technologies v1.1 domain and should be
referenced for written exams scheduled on August 30, 2018 and beyond.
© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. CCIE Security 5.0_ETv1.1 April 2018 Page 1 of 5
CCIE Security Unified Exam Topics v5.0
1.5 Describe, implement, and troubleshoot firewall features such as NAT (v4,v6), PAT, application
inspection, traffic zones, policy-based routing, traffic redirection to service modules, and identity
firewall on Cisco ASA and Cisco FTD
1.6 Describe, implement, and troubleshoot IOS security features such as Zone-Based Firewall (ZBF),
application layer inspection, NAT (v4,v6), PAT and TCP intercept on Cisco IOS/IOS-XE
1.7 Describe, implement, optimize, and troubleshoot policies and rules for traffic control on Cisco ASA, Cisco
FirePOWER and Cisco FTD
1.8 Describe, implement, and troubleshoot Cisco Firepower Management Center (FMC) features such
as alerting, logging, and reporting
1.9 Describe, implement, and troubleshoot correlation and remediation rules on Cisco FMC
1.10 Describe, implement, and troubleshoot Cisco FirePOWER and Cisco FTD deployment such as
in-line, passive, and TAP modes
1.11 Describe, implement, and troubleshoot Next Generation Firewall (NGFW) features such as SSL
inspection, user identity, geolocation, and AVC (Firepower appliance)
1.12 Describe, detect, and mitigate common types of attacks such as DoS/DDoS, evasion techniques,
spoofing, man-in-the-middle, and botnet
3.4 Describe, implement, and troubleshoot the Cisco IOS CA for VPN authentication
3.5 Describe, implement, and troubleshoot clientless SSL VPN technologies with DAP and smart tunnels
on Cisco ASA and Cisco FTD
3.6 Describe, implement, and troubleshoot site-to-site VPNs such as GETVPN, DMVPN and IPsec
3.7 Describe, implement, and troubleshoot uplink and downlink MACsec (802.1AE)
3.8 Describe, implement, and troubleshoot VPN high availability using Cisco ASA VPN clustering and
dual-hub DMVPN deployments
3.9 Describe the functions and security implications of cryptographic protocols such as AES, DES, 3DES,
ECC, SHA, MD5, ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, MKA, RSA, SCEP/EST, GDOI,
X.509, WPA, WPA2, WEP, and TKIP
3.10 Describe the security benefits of network segmentation and isolation
3.11 Describe, implement, and troubleshoot VRF-Lite and VRF-Aware VPN
3.12 Describe, implement, and troubleshoot microsegmentation with TrustSec using SGT and SXP
3.13 Describe, implement, and troubleshoot infrastructure segmentation methods such as VLAN, PVLAN,
and GRE
3.14 Describe the functionality of Cisco VSG used to secure virtual environments
3.15 Describe the security benefits of data center segmentation using ACI, EVPN, VXLAN, and NVGRE
4.18 Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco
FMC
Printed in USA